| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't ask for the password / try to load the key if the key for the
encryptionroot is already loaded. The user might have loaded the key
manually or by other means before the scripts get called.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Tom Caputi <[email protected]>
Reviewed-by: Richard Laager <[email protected]>
Signed-off-by: Witaut Bajaryn <[email protected]>
Closes #9495
Closes #9529
|
|
|
|
|
|
|
|
|
|
|
| |
Removes the 'ZFS=' prefix from $BOOTFS instead of $root. This makes sure
that the 'zfs:' prefix remains stripped so that users with
'root=zfs:dataset' cmdline can have key loaded on boot again.
Reviewed-by: Garrett Fields <[email protected]>
Reviewed-by: Dacian Reece-Stremtan <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Hiếu Lê <[email protected]>
Closes #9520
|
|
|
|
|
|
|
|
|
|
|
|
| |
Line 31 and 32 overwrote the ${root} variable which broke mount-zfs.sh
We have create a new variable for the dataset instead of overwriting the
${root} variable in zfs-load-key.sh${root} variable in zfs-load-key.sh
Reviewed-by: Kash Pande <[email protected]>
Reviewed-by: Garrett Fields <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Dacian Reece-Stremtan <[email protected]>
Closes #8913
Closes #9379
|
|
|
|
|
|
|
|
|
|
|
|
| |
The double-colon looked like a typo, but it's actually an obscure
feature. Rules with :: may appear multiple times and are run
independently of one another in the order they appear. The use of ::
for distclean-local was conventional, not accidental.
Add comments to indicate the intentional use of double-colon rules.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ryan Moeller <[email protected]>
Closes #9210
|
|
|
|
|
|
|
|
|
|
|
| |
The whereis command should not be used since it may not exist
in the initramfs. The dracut plymouth module also uses the type
command instead of whereis.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Garrett Fields <[email protected]>
Signed-off-by: Dacian Reece-Stremtan <[email protected]>
Closes #8920
Closes #8938
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dracut depends on the environment variable BOOTFS to be set after pool
import. This dracut specific systemd ExecStartPost command should not be
called for any non-dracut systems, so let's move it to a static systemd
unit that.
Reviewed-by: Manuel Amador (Rudd-O) <[email protected]>
Reviewed-by: Matthew Thode <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Michael Niewöhner <[email protected]>
Closes #8510
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dracut howto proposed to boot from the root dataset of a pool.
Apart from this giving problems when booting (as the code seems to
expect a child dataset and creates an illegal dataset name when using
the root dataset) the technical limitations of the root dataset
(among others the inability to rename or destroy through the `zfs`
command) resulted in the general consensus to only use it as a
container for the datasets in the pool - not as a filesystem itself.
Removed the idea to boot from the root dataset.
Reviewed-by: George Melikov <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: bunder2015 <[email protected]>
Signed-off-by: Gregor Kopka <[email protected]>
Closes #8247
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the `cut -b` command is used by `parse-zfs.sh`,
ensure that it is copied to the initramfs.
Fix spl_hostid when set by cmdline. This follows a
similar logic from the `zgenhostid` script, using `echo`
instead of `printf`.
Reviewed-by: Olaf Faaland <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ben Cordero <[email protected]>
Closes #8197
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PR #8114 quoted the ${ENCRYPTIONROOT} parameter to ensure we don't
lose spaces when unlocking root filesystem in the off chance that
it has a space in its name.
Unfortunately, dracut and initramfs-tools do not actually get the
quotes from the cmdline. If we use root=ZFS="root pool/filesystem
name" the script still only sees root=ZFS=root and no quotation
marks.
Because + is a reserved character in ZFS, it's used as a
placeholder for spaces in the kernel cmdline. In this way,
root=ZFS=root+pool/filesystem+name will properly expand by
replacing the character with sed (POSIX compliant method).
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: bunder2015 <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Issue #8114
Closes #8117
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add quotations for ${ENCRYPTIONROOT} to avoid breaking systems
with a space in the name.
Reviewed-by: bunder2015 <[email protected]>
Reviewed-by: Tom Caputi <[email protected]>
Reviewed-by: George Melikov <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Related-to: #8093
Closes #8114
|
|
|
|
|
|
|
|
|
| |
The new zfs-import.target should be used in place of the
zfs-import-*.service units.
Reviewed by: Brian Behlendorf <[email protected]>
Reviewed-by: Manuel Amador (Rudd-O) <[email protected]>
Signed-off-by: Antonio Russo <[email protected]>
Closes #6964
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Systemd binaries necessary for mounting an encrypted root dataset
weren't copied to initramfs generated by dracut. This patch fixes
this and copies these binaries unconditionally, that is
regardless of whether native ZFS encryption is used for the
root dataset.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: George Diamantopoulos <[email protected]>
Closes #7607
Closes #7719
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vdev_id requires the program `basename` when handling short aliases
defined in `vdev_id.conf` (those defined without a leading path), but
`basename` is not always available in the dracut environment. This
causes the pool device names to change when using `by-vdev/` devices
or (in extreme cases) can make the pool import fail in dracut.
This commit fixes the problem by explicitly installing `basename`.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Steffen Müthing <[email protected]>
Closes #7562
|
|
|
|
|
|
|
|
|
|
|
| |
Resolves importing root pool during boot in dracut. This case was
inadvertently broken with the module autoloading change in #7287.
Reviewed-by: Matthew Thode <[email protected]>
Reviewed-by: George Melikov <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Giuseppe Di Natale <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Closes #7322
|
|
|
|
|
|
|
|
|
| |
Reviewed-by: Brian Behlendorf <[email protected]>
Co-authored-by: Kash Pande <[email protected]>
Co-authored-by: Matthew Thode <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #7214
|
|
|
|
|
|
|
|
|
|
|
|
| |
- enable booting from nested encrypted datasets
- fix plymouth boot splash passphrase entry
- optimize unlock process
Co-authored-by: Kash Pande <[email protected]>
Co-authored-by: Matthew Thode <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #7214
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Authored by: Chris Williamson <[email protected]>
Reviewed by: Matthew Ahrens <[email protected]>
Reviewed by: George Wilson <[email protected]>
Reviewed by: John Kennedy <[email protected]>
Reviewed by: Dan Kimmel <[email protected]>
Approved by: Garrett D'Amore <[email protected]>
Ported-by: Don Brady <[email protected]>
Ported-by: John Kennedy <[email protected]>
OpenZFS-issue: https://www.illumos.org/issues/7431
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/dfc11533
Porting Notes:
* The CLI long option arguments for '-t' and '-m' don't parse on linux
* Switched from kmem_alloc to vmem_alloc in zcp_lua_alloc
* Lua implementation is built as its own module (zlua.ko)
* Lua headers consumed directly by zfs code moved to 'include/sys/lua/'
* There is no native setjmp/longjump available in stock Linux kernel.
Brought over implementations from illumos and FreeBSD
* The get_temporary_prop() was adapted due to VFS platform differences
* Use of inline functions in lua parser to reduce stack usage per C call
* Skip some ZFS Test Suite ZCP tests on sparc64 to avoid stack overflow
|
|
|
|
|
|
|
|
| |
Reviewed-by: Kash Pande <[email protected]>
Reviewed-by: bunder2015 <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #7136
Closes #7140
|
|
|
|
|
|
|
|
|
|
|
| |
The generated zfs-load-key.sh file should have been added to
the .gitignore file as part of commit 7da8f8d8. And the
generated file should not be included in the repo.
Reviewed-by: Matthew Thode <[email protected]>
Reviewed-by: Giuseppe Di Natale <[email protected]>
Reviewed by: George Melikov <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #7134
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The on-disk format for encrypted datasets protects not only
the encrypted and authenticated blocks themselves, but also
the order and interpretation of these blocks. In order to
make this work while maintaining the ability to do raw
sends, the indirect bps maintain a secure checksum of all
the MACs in the block below it along with a few other
fields that determine how the data is interpreted.
Unfortunately, the current on-disk format erroneously
includes some fields which are not portable and thus cannot
support raw sends. It is not possible to easily work around
this issue due to a separate and much smaller bug which
causes indirect blocks for encrypted dnodes to not be
compressed, which conflicts with the previous bug. In
addition, the current code generates incompatible on-disk
formats on big endian and little endian systems due to an
issue with how block pointers are authenticated. Finally,
raw send streams do not currently include dn_maxblkid when
sending both the metadnode and normal dnodes which are
needed in order to ensure that we are correctly maintaining
the portable objset MAC.
This patch zero's out the offending fields when computing
the bp MAC and ensures that these MACs are always
calculated in little endian order (regardless of the host
system's byte order). This patch also registers an errata
for the old on-disk format, which we detect by adding a
"version" field to newly created DSL Crypto Keys. We allow
datasets without a version (version 0) to only be mounted
for read so that they can easily be migrated. We also now
include dn_maxblkid in raw send streams to ensure the MAC
can be maintained correctly.
This patch also contains minor bug fixes and cleanups.
Reviewed-by: Jorgen Lundman <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed by: Matthew Ahrens <[email protected]>
Signed-off-by: Tom Caputi <[email protected]>
Closes #6845
Closes #6864
Closes #7052
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'zfs load-key -a' will only be called if needed. If a dataset not
needed for boot does not have its key loaded (home directories for
example) boot can still continue.
zfs:AUTO was not working via dracut, so we still need the generator
script to do its thing.
Reviewed-by: Richard Yao <[email protected]>
Reviewed-by: Manuel Amador (Rudd-O) <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: loli10K <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #6982
Closes #7004
|
|
|
|
|
|
| |
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Giuseppe Di Natale <[email protected]>
Signed-off-by: loli10K <[email protected]>
Closes #6962
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PBKDF2 implementation changed to OpenSSL implementation.
* HKDF implementation moved to its own file and tests
added to ensure correctness.
* Removed libzfs's now unnecessary dependency on libzpool
and libicp.
* Ztest can now create and test encrypted datasets. This is
currently disabled until issue #6526 is resolved, but
otherwise functions as advertised.
* Several small bug fixes discovered after enabling ztest
to run on encrypted datasets.
* Fixed coverity defects added by the encryption patch.
* Updated man pages for encrypted send / receive behavior.
* Fixed a bug where encrypted datasets could receive
DRR_WRITE_EMBEDDED records.
* Minor code cleanups / consolidation.
Signed-off-by: Tom Caputi <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
| |
On Void Linux (x86_64 musl) libgcc_s.so is located in "/usr/lib"
so it is not found by dracut and it produces an error.
Add a simple additional path check for "/usr/lib/libgcc_s.so*"
and install it in the initramfs.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: privb0x23 <[email protected]>
Closes #6715
|
|
|
|
|
|
|
|
|
|
|
| |
while these are source by dracut (which is a bash script)
the practical difference is small, but it is more correct:
/bin/sh is not bash on all systems (e.g. Debian and its
derivatives use /bin/dash as /bin/sh by default).
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Fabian Grünbichler <[email protected]>
Closes #6491
|
|
|
|
|
|
|
|
|
| |
The vdev_id script requires awk, grep, and head. Use dracut_install to
ensure that these commands are available in the initrd environment.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Karsten Kretschmer <[email protected]>
Closes #6443
Closes #6452
|
|
|
|
|
|
|
|
|
|
| |
The dracut/02zfsexpandknowledge/module-setup.sh.in has a syntax error
which makes the script unusable by a POSIX compliant shell like Dash
on Debian based systems.
Reviewed-by: Giuseppe Di Natale <[email protected]>
Reviewed-by: George Melikov <[email protected]>
Signed-off-by: Aron Xu <[email protected]>
Closes #5712
|
|
|
|
|
|
|
| |
Two additional files were recently introduced and should be
ignored by git.
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #5299
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When Dracut starts up, it needs to determine whether a pool will remain
"hanging open" before the system shuts off. In such a case, then the
code to clean up the pool (using the previous export -F work) must
be invoked. Since Dracut has had a recent change that makes
mount-zfs.sh simply not run when the root dataset is already mounted,
we must use the cleanup hook to order Dracut to do shutdown cleanup.
Important note: this code will not accomplish its stated goal until this
bug is fixed: https://bugzilla.redhat.com/show_bug.cgi?id=1385432
That bug impacts more than just ZFS. It impacts LUKS, dmraid, and
unmount during poweroff. It is a Fedora-wide bug.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Manuel Amador (Rudd-O) <[email protected]>
Closes #5287
|
|
|
|
|
|
| |
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Manuel Amador (Rudd-O) <[email protected]>
Closes #5228
Closes #5238
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The behavior of the Dracut module was very wrong before.
The correct behavior: initramfs should not run `zfs-mount` to completion
if the two generator files exist. If, however, one of them is missing,
it indicates one of three cases:
* The kernel command line did not specify a root ZFS file system, and
another Dracut module is already handling root mount (via systemd).
`mount-zfs` can run, but it will do nothing.
* There is no systemd to run `sysroot.mount` to begin with.
`mount-zfs` must run.
* The root parameter is zfs:AUTO, which cannot be run in sysroot.mount.
`mount-zfs` must run.
In any of these three cases, it is safe to run `zfs-mount` to completion.
`zfs-mount` must also delete itself if it determines it should not run,
or else Dracut will do the insane thing of running it over and over again.
Literally, the definition of insanity, doing the same thing that did not
work before, expecting different results. Doing that may have had a great
result before, when we had a race between devices appearing and pools
being mounted, and `mount-zfs` was tasked with the full responsibility
of importing the needed pool, but nowadays it is wrong behavior and
should be suppressed.
I deduced that self-deletion was the correct thing to do by looking at
other Dracut code, because (as we all are very fully aware of) Dracut
is entirely, ahem, "implementation-defined".
Tested-by: @wphilips
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Manuel Amador (Rudd-O) <[email protected]>
Closes #5157
Closes #5204
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based upon @ryao's initial fix for 1c73494394fc9de9283b3fd4f00bcdf4bd300a7
( 5e9843405f63fdabe76e87b92b81a127d488abc7 ) this one also uses
`command -v` instead of `type`, but additionally only applies the
fix to close zfsonlinux/zfs#4749 when `libgcc_s.so.1` has not been included
by dracut automatically (verified by whether `zpool` links directly to
`libgcc_s.so`), as well as change the fallback option to match `libgcc_s.so*`.
Tested-by: Ben Jencks <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Moritz Maxeiner <[email protected]>
Closes #5089
Closed #5138
|
|
|
|
|
|
|
| |
Signed-off-by: Moritz Maxeiner <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Closes #4749
Closes #5058
|
|
|
|
|
|
|
| |
Signed-off-by: Moritz Maxeiner <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Closes #4749
Closes #5058
|
|
|
|
|
|
|
|
|
| |
A lot of string replacement target don't have dependency or incorrect
dependency. We setup proper dependency by pattern rules.
Signed-off-by: Chunwei Chen <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #4908
|
|
|
|
|
| |
Signed-off-by: Manuel Amador (Rudd-O) <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #4645
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- In older systems without sysroot.mount, import before dracut-mount,
and re-enable old dracut mount hook
- rootflags MUST be present even if the administrator neglected to
specify it explicitly
- Check that mount.zfs exists in sbindir
- Remove awk and head as (now unused) requirements, add grep, and
install the right mount.zfs
- Eliminate one use of grep in Dracut
- Use a more accurate grepping statement to identify zfsutil in rootflags
- Ensure that pooldev is nonempty
- Properly handle /dev/sd* devices and more
- Use new -P to get list of zpool devices
- Bail out of the generator when zfs:AUTO is on the root command line
- Ignore errors from systemctl trying to load sysroot.mount, we only
care about the output
- Determine which one is the correct initqueuedir at run time.
- Add a compatibility getargbool for our detection / setup script.
- Update dracut .gitignore files
Signed-off-by: <Matthew Thode [email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #4558
Closes #4562
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dracut and Systemd updated how they integrate with each other, because
of this our current integrations stopped working (around the time
4.1.13 came out). This patch addresses that issue and gets us booting
again.
Thanks to @Rudd-O for doing the work to get dracut working again and
letting me submit this on his behalf.
Signed-off-by: Manuel Amador (Rudd-O) <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #3605
Closes #4478
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Build products from an out of tree build should be written
relative to the build directory. Sources should be referred
to by their locations in the source directory.
This is accomplished by adding the 'src' and 'obj' variables
for the module Makefile.am, using relative paths to reference
source files, and by setting VPATH when source files are not
co-located with the Makefile. This enables the following:
$ mkdir build
$ cd build
$ ../configure \
--with-spl=$HOME/src/git/spl/ \
--with-spl-obj=$HOME/src/git/spl/build
$ make -s
This change also has the advantage of resolving the following
warning which is generated by modern versions of automake.
Makefile.am:00: warning: source file 'xxx' is in a subdirectory,
Makefile.am:00: but option 'subdir-objects' is disabled
Signed-off-by: Turbo Fredriksson <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #1082
|
|
The dracut code is analogous to the initramfs code and as such
it should be located in the contrib with initramfs for consistency.
Signed-off-by: Brian Behlendorf <[email protected]>
|